Social Engineering

Social Engineering is any act that influences a person to take an action that may or may not be in their best interests. It’s the art of gaining access to buildings, systems or information by exploiting human psychology, rather than breaking in, or using technical hacking techniques. It’s the art of manipulating people so they give up confidential information or allow access to restricted areas.

Impersonation: The practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system.

Vishing: (voice or VoIP phishing) is is a fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. The difference between phishing and vishing is that the fraudster makes direct contact over the phone.

It is much easier to fool someone into reveal their password than it is to guess or crack the password. Social Engineering scammers know how to exploit your natural inclination to trust. The weakest link in the security chain is the human who accepts a person or scenario at face value. Since social engineering involves a human element, preventing these attacks can be tricky.

Many people at the university have access to things like:

Sensitive personal information.

Financial information.

Bank accounts.

Restricted areas of the university.

Access to the university after hours.

These things can be used by criminals for financial gain. If you are entrusted with access to anything at the university, it is critical that you ensure that anyone you deal with is in fact who they claim to be and that they have a legitimate reason to have access. Recently scammers have been making cold calls to some universities’ staff, indicating they sell equipment. After the initial call, they begin to follow up via email to try and convince the staff to review an attached equipment list. In this attachment is RansomWare. Their goal is to buddy up with individuals so you will open the attachment.